From 0692c54451b2a87ea6a35c5447339a9cf1215f2e Mon Sep 17 00:00:00 2001
From: Evangelos Foutras <evangelos@foutrelis.com>
Date: Sat, 22 Oct 2022 18:28:18 +0300
Subject: [PATCH] install_arch: get image signature from archlinux.org

Wiki says "Do not download it from a mirror" and it sounds more secure.

Fixes: 503b08db4c3a ("install_arch: verify bootstrap image signature")
---
 roles/install_arch/tasks/main.yml | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/roles/install_arch/tasks/main.yml b/roles/install_arch/tasks/main.yml
index 4a0373ac0..221dc4da9 100644
--- a/roles/install_arch/tasks/main.yml
+++ b/roles/install_arch/tasks/main.yml
@@ -57,7 +57,7 @@
     mode: 0644
   loop:
     - https://geo.mirror.pkgbuild.com/iso/{{ bootstrap_version }}/archlinux-bootstrap-x86_64.tar.gz
-    - https://geo.mirror.pkgbuild.com/iso/{{ bootstrap_version }}/archlinux-bootstrap-x86_64.tar.gz.sig
+    - https://archlinux.org/iso/{{ bootstrap_version }}/archlinux-bootstrap-x86_64.tar.gz.sig
 
 - name: Get pierre's key
   command: gpg --locate-keys pierre@archlinux.de
-- 
GitLab